zerolight

So my site was hacked again last night. More Visa related material. Barstewards! This time I just wiped my site and re-installed Joomla over lunch, and put all my components back in. This should ensure that any hidden files the hackers left behind are now gone. Fairly painless as the database was backed up. It should be secure now. If it’s not I think I’ll need to move hosts as there’s nothing more I can do, short of dropping Joomla and reverting to just WordPress.

Would you believe my site’s been hacked again, this time with Visa phishing material. I’ve removed it all and will likely need to start pleading with Google to remove me from their SafeBrowsing blacklist again. This time though we’ve found the security hole. It seems that register_globals is set to ON on the host server and this is allowing hackers to inject malicious code into PHP scripts within Joomla. I’ve now set this to OFF for my domain, which will hopefully bring an end to the hacking of my site.

Whatever happened to Innocent Until Proven Guilty? Is it right that Google Safebrowsing, or any other Anti-Phishing organisation can add you to their blacklist without first investigating the matter. Simply checking if phishing software is deployed on a site should not be considered proof beyond reasonable doubt. It’s relatively easy to hack a website and deploy your own malicious code. Surely before blacklisting a site, Google and Co should make some effort to determine whether or not the domain owner is aware of the malicious code. A simple email would suffice, giving the domain owner the opportunity to correct the offense. This doesn’t happen.

I realise that there are many thousands of blogs setup with the sole purpose of concealing the real intent of the domain, phishing. But that’s still no excuse for presuming guilt. My site has been blacklisted on Google Safebrowsing, and presumably as a result, countless other blacklists. Yet my site was hacked. Someone else occupied a space on my domain with malicious intent. Yet it’s me who’s punished.

Right now the affects are not apparent. If you are not running the latest version of Google Toolbar for Firefox with Google Safebrowsing enabled then you’re not going to notice anything different about my website. However if you do have it installed then with every page load you’ll be prompted with a dialog box warning you that my site is fraudulent, that it wants to steal your identity, your bank details, and so on. It urges you to leave. Soon this type of software will be built into every web browser. It’s certain to be on IE7 on Vista, Safari on Leopard, and a standard feature in Firefox.

What is the point of these blacklists if they end up inaccurate? I don’t know if I’m the first innocent victim to be blacklisted on these new anti-phishing sites, but I’m certainly not going to be the last. When our family visit our site looking for pictures of our son, they are going to be presented with fraud nags. The less tech savvy are going to run away, cutting up their credit cards.

You’d think an email to Google Safebrowsing would rectify the problem. Nope, they’re ignoring my emails. There’s no obvious centralised list, no body governing it, who do you complain to? How to you ensure that your site is not propagated through 100’s if not 1000’s of other blacklists? Guilty until proven innocent? I’m not sure there’s anyone to plead my case to.

No longer blacklisted? It appears so. Whom did I successfully plead my case to? I have no idea. It could be any one of a number of actions that resulted in normal service. Whomever you are, even if you’re some freaky autobot on a server somewhere, thank you.

My bl**dy website has been hacked. There’s some files hidden deep inside my site which contain fake bank websites. These are about to be removed for me by my host. How it’s been hacked I have no idea, as ACE-HOST pride themselves on being hacker-proof. More to the point, once it’s all cleaned out, how the heck am I going to get my site removed from the bl**dy black list. F’king hackers!

update: The host is doing nothing about it. I’ve removed all the crap myself, reset the permissions, changed the passwords, and notified google that my site is legit and had been temporarily highjacked. Thus far I remain on google blacklists. Nice eh?